mohd7469 / oauth2orize-openid-examples
License: MIT License
To my understanding, when using Authorization Code flow with OIDC, besides generating an access_token and an optional refresh_token, it is mandatory to generate a JWT id_token.
Current exchange does not support that:
```javascript
server.exchange(oauth2orize.exchange.code(function(client, code, redirectURI, done) {
  db.authorizationCodes.find(code, function(err, authCode) {
    if (err) { return done(err); }
    // The code must have been issued to this client for this redirect URI.
    if (client.id !== authCode.clientID) { return done(null, false); }
    if (redirectURI !== authCode.redirectURI) { return done(null, false); }
    var token = utils.uid(256);
    db.accessTokens.save(token, authCode.userID, authCode.clientID, function(err) {
      if (err) { return done(err); }
      // Only an access token is returned; no id_token is issued here.
      done(null, token);
    });
  });
}));
```
https://github.com/gerges-beshay/oauth2orize-openid-examples/blob/master/oauth2.js#L173
I think it is required to modify two functions - the code grant, to save the scope with authorizationCodes, and the token callback to something like
```javascript
var params;
if (hasScope(scope, 'openid')) {
  params = {
    id_token: idToken // JWT (placeholder; generation not shown)
  };
}
done(null, token, refreshToken, params);
```
If you are okay with my proposed solution, I might be able to send a pull request.
I believe it is critical to include an example of JWT id_token generation since OIDC id_tokens are all about JWT as far as I get it from the specs.
So it would be nice to get an example of best practices and recommended modules to use for generating a JWT id_token.
Currently, all OIDC extensions in the example leave the id_token generation up to the user, which in my opinion is confusing.
```javascript
server.grant(oauth2orize_ext.grant.idToken(function(client, user, done){
  var id_token;
  // Do your lookup/token generation.
  // ... id_token =
  done(null, id_token);
}));
```
https://github.com/gerges-beshay/oauth2orize-openid-examples/blob/master/oauth2.js#L43
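An added example, not part of the issues above or of the project's code: one way to produce and check the id_token these issues ask about, as an RS256-signed JWT built with Node's built-in crypto module. The helper names `issueIdToken` and `verifyIdToken`, the option names and the in-memory key pair are assumptions made for illustration.

```javascript
// Added example: minimal RS256 id_token issuance and validation (Node built-ins only).
const crypto = require('crypto');

// Constructed demo key pair; a real provider loads a persistent signing key instead.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

const b64url = (input) => Buffer.from(input).toString('base64url');

// Hypothetical helper: builds the claims OIDC Core requires (iss, sub, aud, exp, iat),
// adds nonce when the authorization request carried one, and signs header.payload.
function issueIdToken({ issuer, userID, clientID, nonce, ttlSeconds = 300, now = Date.now() }) {
  const iat = Math.floor(now / 1000);
  const claims = { iss: issuer, sub: String(userID), aud: clientID, iat, exp: iat + ttlSeconds };
  if (nonce) claims.nonce = nonce;
  const header = { alg: 'RS256', typ: 'JWT' };
  const signingInput = b64url(JSON.stringify(header)) + '.' + b64url(JSON.stringify(claims));
  const signature = crypto.sign('sha256', Buffer.from(signingInput), privateKey);
  return signingInput + '.' + signature.toString('base64url');
}

// Hypothetical relying-party check: pin the algorithm, verify the signature,
// and only then trust and validate the claims.
function verifyIdToken(token, { issuer, clientID, nonce, now = Date.now() }) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const signed = Buffer.from(parts[0] + '.' + parts[1]);
  const ok = crypto.verify('sha256', signed, publicKey, Buffer.from(parts[2], 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  if (claims.aud !== clientID) throw new Error('wrong audience');
  if (claims.exp <= Math.floor(now / 1000)) throw new Error('expired');
  if (nonce !== undefined && claims.nonce !== nonce) throw new Error('nonce mismatch');
  return claims;
}
```

In the code exchange quoted earlier, the result of `issueIdToken` would be passed as `params.id_token` when the scope saved with the authorization code includes `openid`.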
This and the other oauth2orize examples are not using up-to-date versions of dependencies.